vsftpd alternatives

[The.Ex-pat]

I'm having problems with vsftpd.

When I'm connected to the local network in Los Angeles, the server works flawless.
When I create a wifi hotspot with my cellphone in LA or Mexico, the server works flawless.
when I connect to my local network in Mexico, I can log in, however every command I pass is met with:

Code: Select all

500 unknown command

Code: Select all

425 use PORT or PASV first

I've been web searching, everything says the FIREWALL and NAT are the culprits. I've tried messing with all of my router settings, I can't seem to get around it.

If vsftpd isn't going to work for me, what is a good substitute? I chose vsftpd because is secure and has a low overhead. What are some other options?

[lightman47]

Let's back up a bit.

You posted error messages to commands you'd issued, but NOT the commands that produced the messages.

You don't mention how vsftp (a great file transfer program) is involved.

How is anyone to help you?

[TrevorH]

Are you using firewalld and if so, how did you open the port for ftp? Did you manually open using --port= or uisng --service=ftp? Using --service does other stuff for you that you need that just opening individual ports will not do. More specifically the service version loads the nf_conntrack_ftp module that keeps track of all the random ports that ftp likes to use and transparently allows the traffic.

firewall-cmd --add-service=tcp [--permanent]

[The.Ex-pat]

Let's back up a bit.

You posted error messages to commands you'd issued, but NOT the commands that produced the messages.

You don't mention how vsftp (a great file transfer program) is involved.

How is anyone to help you?

I'm sorry my Man. I wasn't intending to be vague and/or indirect.
I know you have a good deal of reading on this forum daily. As such I always try to keep my posts brief.

I opened the service FTP and port 21 in firewalld when I setup the vsftp service. I'm not having any problems with the ISP in Los Angeles. I'm not having any problems with the firewall or seLinux on the server.

Again, vsftp works awesome from inside the local network in Los Angeles where the server is located.
vsftp works perfect if I make a hotspot with my cellphone and connect with my laptop from outside the local network, both in Los Angeles and in Mexico.

The problem comes in when I try to connect from my local ISP in Mexico. From my windows machines, in the powershell, I can connect to the vsftp server. e.g. username and password are accepted. But that's it! Any further commands that involve the remote server gives both errors simultaneous. e.g. dir, put, get, cd, commands all give the above mentioned errors. While commands to the local machine e.g. lcd or !dir work.

again, I web searched the errors I was receiving and the general info I was coming up with is that NAT and/or Firewalls on the local network in Mexico are causing the problem. I attempted several different configurations on the local network router in Mexico to no avail. I know vsftp is a good file transfer protocol and I don't believe the problem to be with my server configuration or the ISP in Los Angeles. I believe the problem to be with the ISP and/or the router on my local network in Mexico. Again, I can make a wifi hotspot with my cellphone, in the USA or Mexico and the server works flawless. I sent and received several small files for testing purposes.

I'm open to any suggestions you may have for getting vsftp working from my ISP in Mexico or another service that may work in place of vsftp.

As always, I appreciate your time and thank you for reading.

[Whoever]

Can you use scp or sftp? The SSH-based file transfer programs only use a single channel, so they don't have the firewall issues that ftp has.

[TrevorH]

I opened the service FTP and port 21 in firewalld when I setup the vsftp service.

So you used the port numbers to open the firewall. See my post above, that is the wrong way to do it.

[The.Ex-pat]

I opened the service FTP and port 21 in firewalld when I setup the vsftp service.

So you used the port numbers to open the firewall. See my post above, that is the wrong way to do it.

I PASSED BOTH:

Code: Select all

firewall-cmd --zone=public --add-service=ftp --permanent

Code: Select all

firewall-cmd --zone=public --add-port=21 --permanent

here is the result for

Code: Select all

firewall-cmd --list-all

Code: Select all

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: dhcpv6-client ftp ssh
  ports: 21/tcp 3128/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Again, The service works flawless unless I attempt to access it from the local ISP in Mexico.

Thank you.

[The.Ex-pat]

Can you use scp or sftp? The SSH-based file transfer programs only use a single channel, so they don't have the firewall issues that ftp has.

I could give this a try.

What is the difference between SFTP and VSFTP??
From a windows machine, They both use ftp from the powershell for file transfer or no?

[TrevorH]

firewall-cmd --zone=public --add-service=ftp --permanent

Did you reload firewalld after making that change? Or run it again without --permanent?

If lsmod | grep nf_conntrack_ftp shows no output then it didn't take effect.

[The.Ex-pat]

firewall-cmd --zone=public --add-service=ftp --permanent

Did you reload firewalld after making that change? Or run it again without --permanent?

If lsmod | grep nf_conntrack_ftp shows no output then it didn't take effect.

Yup, ran

firewall-cmd --reload

The problem has to be with the ISP in Mexico.